Connecting to a Checkpoint VPN-1 from Snow Leopard?

Checkpoint SecureClient doesn't work with Snow Leopard, so I've been looking for some other options. VPN Tracker appears to work, but lacks username/password (XAUTH RSA) authentication support (PSK and X.509 only, it seems), so I can't use it to connect to our VPN-1 box.

I've looked at IPSecuritas, but I can't figure out how to configure it - specifically, mapping over the settings from the Checkpoint VPN-1 SecureClient. IPSecuritas has a billion more options, which I presume of course SecureClient was just hiding from me because obviously it knows what to do to connect to a VPN-1, and the IPSecuritas forums are generally full of questions with no answers, so that doesn't really appear to be a quality avenue for support.

Does anyone have an XAUTH RSA IPSec VPN to a Checkpoint VPN-1 working in Snow Leopard, and what software did you use?

Sadly no go on that either...my connection is actually never getting out of Phase 1, so it's not even getting to an authentication step. I suppose the thing to do is start fiddling with all the options in Phase 1 and see if I can get them to match up - maybe I can find a list of defaults for VPN-1 on the internet somewhere, as a place to start at least.

That almost works, but I don't know what to put in for User FQDN, and I suspect it matters as I'm getting: "Message: '[0020] The user is not defined properly. (msg_obj :format (1.0) :id (VPN_USER_NOT_PROPERLY_DEFINED_2) :def_msg ("The user is not defined properly.") :arguments () )" from IKE. Does this have to match up to some value on the server that I don't know about?

I put in the user name that I login with.

i just noticed that they released more recent version (3.3) then what i had before (3.2), try upgrading to more recent one regardless the case. also i remember when i create my connection first time i used wizard and believe it or not even though i was entering same settings i couldn't get to work, so try it again another time wizard i know that might sound stupid but thats how it worked for me...

oh yeah and another thing is, since snow leopard is officially out hopefully checkpoint get off of their lazy butts and do some actual work around there and make new version that is snow leopard compatible

Annoyingly you also have to shut down any interfaces on your own machine that may overlap with the address space in the remote networks (even though with the VPN-1 SecureClient there isn't actually any bleed-through), so I have to whack my VMWare vmnet interfaces....anyone know how to control where VMWare decides to stick NAT'd interfaces?

this link is dead